In re Barber et al. 
Serial No. 09/5 J 7,366 

AMENDMENTS 

In the Claims: 

This listing of claims replaces all prior versions and listings of claims in the 
application. 

1. (Currently amended) A system for establishing a secure execution 
environment for a software process executed by a program operating on a computer, 
comprising: 

a software process operating on a computer, said software process including a 
plurality of attributes; 

an operating system kernel in communication with said software process and in 
communication with an executable file to be accessed by said software process; and 

a system call trap associated with said operating system kernel, said system call trap 
configured to modify the plurality of attributes for the software process in said operating 
system kernel based on an executable environment attribute stored in association with said 
executable file , such that when said executable file is executed, a new software process 
attribute is set as a function of the executable environment attribute . 

2. (Previously presented) The system of claim 1, wherein said system call trap 
further comprises: 

a process attribute extension; and 

an access token extension associated with said process attribute extension, said access 
token extension including said executable environment attribute. 

3. (Previously presented) The system of claim 1, wherein said executable 
environment attribute is contained in a database associated with said executable file. 

4. (Previously presented) The system of claim 1, wherein said executable 
environment attribute is chosen from the group consisting of user ID, group IDs and 
privileges. 
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5. (Currently amended) The system of claim 1, wherein said execution 
environment attribute isolates said software process from any other software process 
operating on said computer. 

6. (Original) The system of claim 1 , wherein said software process is a web 
server process. 

7. (Original) The system of claim 1 , wherein said software process is a file 
transfer process. 

8. (Original) The system of claim 1, wherein said software process is a mail 
server process. 

9. (Previously presented) The system of claiml, wherein said executable 
environment attribute is associated to said software process upon execution of said software 
process. 

10. (Previously presented) The system of claim 1, wherein said executable 
environment attribute replaces any existing attributes associated with said software process. 

1 1 . (Currently amended) A method for establishing a secure execution 
environment for a software process executed by a program operating on a computer, the 
method comprising: 

operating a software process on a computer, said software process including a 
plurality of attributes; 

executing an operating system kernel in communication with said software process, 
said operating system kernel in communication with an executable file to be accessed by said 
software process; and 

modifying the plurality of attributes for the software process based on an executable 
environment attribute stored in association with the executable file , such that when said 
executable file is executed, a new software process attribute is set as a function of the 
executable environment attribute. 
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12. (Previously presented) The method of claim 11, further comprising: 
executing a process attribute extension; and 

executing an access token extension associated with said process attribute extension, 
said access token extension including the executable environment attribute. 

13. (Previously presented) The method of claim 11, wherein the executable 
environment attribute is contained in a database associated with said executable file. 

14. (Previously presented) The method of claim 11, wherein said the executable 
environment attribute is chosen from the group consisting of user ID, group IDs and 
privileges. 

15. (Currently amended) The method of claim 11, wherein said execution 
environment attribute isolates said software process from any other software process 
operating on said computer. 

16. (Original) The method of claim 11, wherein said software process is a web 
server process. 

1 7. (Original) The method of claim 1 1 , wherein said software process is a file 
transfer process. 

1 8. (Original) The method of claim 1 1 , wherein said software process is a mail 
server process. 

19. (Previously presented) The method of claim 11, wherein the executable 
environment attribute is associated to said software process upon execution of said software 
process. 

20. (Previously presented) The method of claim 11, wherein the executable 
environment attribute replaces any existing attributes associated with said software process. 
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21 . (Currently amended) A computer readable medium having a program for 
establishing a secure execution environment for a software process executed by a program 
operating on a computer, the program including logic for: 

operating a software process on a computer, said software process including a 
plurality of attributes; 

executing an operating system kernel in communication with said software process, 
said operating system kernel in communication with an executable file to be accessed by said 
software process; and 

modifying the plurality of attributes for the software process based on an executable 
environment attribute stored in association with the executable file , such that when said 
executable file is executed, a new software process attribute is set as a function of the 
executable environment attribute . 

22. (Previously presented) The program of claim 21, further comprising logic for: 
executing a process attribute extension; and 

executing an access token extension associated with said process attribute extension, 
said access token extension including the executable environment attribute. 

23. (Previously presented) The program of claim 21, wherein the executable 
environment attribute is contained in a database associated with said executable file. 

24. (Previously presented) The program of claim 21 , wherein said the executable 
environment attribute is chosen from the group consisting of user ID, group IDs and 
privileges. 

25. (Currently amended) The program of claim 21, wherein said execution 
environment attribute isolates said software process from any other software process 
operating on said computer. 

26. (Original) The program of claim 21, wherein said software process is a web 
server process. 
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27. (Original) The program of claim 21, wherein said software process is a file 
transfer process. 

28. (Original) The program of claim 21, wherein said software process is a mail 
server process. 

29. (Previously presented) The program of claim 21, wherein said the executable 
environment attribute is associated to said software process upon execution of said software 
process. 

30. (Previously presented) The program of claim 21, wherein the executable 
environment attribute replaces any existing attributes associated with said software process. 

3 1 . (Previously presented) The system of claim 1 , wherein the system call trap is 
further configured to determine whether the execution environment attribute contains an 
inherit flag. 

32. (Previously presented) The system of claim 31, wherein the system call trap is 
further configured to store a current attribute for a current process when the execution 
environment attribute contains an inherit flag. 

33. (Previously presented) The system of claim 32, wherein the system call trap is 
further configured to: 

determine whether the current attribute for the current process contains the inherit 

flag; 

merge the execution environment attribute with a previously stored attribute if the 
current attribute does not contain the inherit flag; and 

merge the execution environment attribute with the current attribute if the current 
attribute does contain the inherit flag. 
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34. (Previously presented) The method of claim 1 1, further comprising 
determining whether the execution environment attribute contains an inherit flag. 

35. (Previously presented) The method of claim 34, further comprising storing a 
current attribute for a current process when the execution attribute contains an inherit flag. 

36. (Previously presented) The method of claim 35, further comprising: 
determining whether the current attribute for the current process contains the inherit 

flag; and 

merging the execution environment attribute with a previously stored attribute if the 
current attribute does not contain the inherit flag. 

37. (Previously presented) The method of claim 35, further comprising: 
determining whether the current attribute for the current process contains the inherit 

flag; and 

merging the execution environment attribute with the current attribute if the current 
attribute does contain the inherit flag. 

38. (Previously presented) The computer readable medium of claim 21, further 
comprising logic for determining whether the execution environment attribute contains an 
inherit flag. 

39. (Previously presented) The computer readable medium of claim 38, further 
comprising logic for storing a current attribute for a current process when the execution 
attribute contains an inherit flag. 

40. (Previously presented) The computer readable medium of claim 39, further 
comprising logic for: 

determining whether the current attribute for the current process contains the inherit 

flag; 

merging the execution environment attribute with a previously stored attribute if the 
current attribute does not contain the inherit flag; and 



7 



In re Barber et al. 
Serial No. 09/517,366 

merging the execution environment attribute with the current attribute if the current 
attribute does contain the inherit flag. 
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